#1
Hello, I have a problem with a trojan horse. The warning message is "C:\windows\system32\crypt32n.dll Trojan horse BHO.CVX". I have run AVG and it identifies the file and moves it to the vault, but on reboot it is there again. I have tried to delete the file in Windows, which failed. I tried to rename it in Windows (with a view to deleting it), which failed. I have tried to go back and restore my PC, but I cannot go back further than the start of the month, and I have had this since before Christmas. My PC seems to be OK, but I am still worried that I have a virus! Is there anything I can do? Help much appreciated. Regards, Ian A
#2
Welcome to CJ.
#3
Hi Evil Fantansy, I tried this at the beginning of the month; here is the log. I hope this means something to you. My fingers are crossed. Ta, Ian A
Remote Access IP ARP Driver: system32 \ drivers \ wanarp.sys (manuell start) Windows CE USB Serial Host Driver: system32 \ drivers \ wceusbsh.sys (manuell start) Microsoft WINMM WDM Audio Kompatibilitet Driver: system32 \ drivers \ wdmaud.sys (manuell start) WebClient:% SystemRoot% \ system32 \ Svchost.exe-k LocalService (autostart) winachsf: system32 \ drivers \ HSF_CNXT.sys (manuell start) Windows Management Instrumentation:% systemroot% \ system32 \ Svchost.exe-k netsvcs (autostart) Portable Media Serienummer Service:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (manuell start) Windows Management Instrumentation Driver Extensions:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (manuell start) WMI Performance Adapter: C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe (manuell start) Windows Media Player Network Sharing Service: "C: \ Programfiler \ Windows Media Player \ WMPNetwk.exe" (manuell start) Windows Socket 2,0 Non-IFS Service Provider Support Environment: \ SystemRoot \ system32 \ drivers \ ws2ifsl.sys (deaktivert) Security Center:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart) Automatiske oppdateringer:% systemroot% \ system32 \ Svchost.exe-k netsvcs (autostart) Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32 \ drivers \ WudfPf.sys (manuell start) Windows Driver Foundation - User-mode Driver Framework reflektor: system32 \ drivers \ wudfrd.sys (manuell start) Windows Driver Foundation - User-mode Driver Framework:% SystemRoot% \ system32 \ Svchost.exe-k WudfServiceGroup (manuell start) Wireless Zero Configuration:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart) Network Provisioning Service:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (manuell start) -------------------------------------------------- Opplisting Windows NT pålogging / avlogging skript: * No scripts satt til å kjøre * Windows NT checkdisk kommando: BootExecute = AutoCheck Autochk * Windows NT 'Wininit.ini': 
PendingFileRenameOperations: * registerverdi ikke funnet * -------------------------------------------------- Opplisting ShellServiceObjectDelayLoad elementer: PostBootReminder: C: \ WINDOWS \ system32 \ SHELL32.DLL CDBurn: C: \ WINDOWS \ system32 \ SHELL32.DLL WebCheck: C: \ WINDOWS \ system32 \ Webcheck.dll Systray: C: \ WINDOWS \ system32 \ stobject.dll UPnPMonitor: C: \ WINDOWS \ system32 \ upnpui.dll WPDShServiceObj: C: \ WINDOWS \ system32 \ WPDShServiceObj.dll -------------------------------------------------- Autorun oppføringer fra registeret: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run * Ingen verdier funnet * -------------------------------------------------- Autorun oppføringer fra registeret: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run * Ingen verdier funnet * -------------------------------------------------- Slutten av rapporten, 38242 bytes Rapport generert på 0.266 sekunder Kommandolinjeparametere alternativer: / verbose - å legge til mer informasjon om hver del / komplett - til å omfatte tomt deler og unsuspicious data / full - for å inkludere flere sjelden viktig seksjoner / force9x - å inkludere Win9x bare startups selv om du kjører på WinNT / forcent - å inkludere WinNT bare startups selv om du kjører på Win9x / forceall - for å inkludere alle Win9x og WinNT startups, uavhengig av plattform / historie - til liste versjon logg |
|
#4
| |||
| |||
| That is a startup list from HJT, which is useful, but I need the main scan. Open HJT and select the "Do a system scan and save a logfile" button. Post that log, please. |
|
#5
| |||
| |||
| Hi, Sorry if I seem slow to reply, but I am having trouble saving the scan! I have been into HJT and run "Do a system scan and save a logfile", but when it tries to open the log file it fails. The only way I can see this info is if I save a copy of the screen, but attaching that makes a large file. Do you think this is a good idea, or is there something else I can try? Regards, Ian A |
|
#6
| |||
| |||
| Try this instead and post the logs from it. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged on to an account with administrator rights.
What DSS will do:
|
|
#7
| |||
| |||
| Hi, I must think! I have tried going to the hot link for Deckard's scanner but I cannot find dss.exe. Deckard's asks me to register with another website forum similar to the one I am already on. Please explain. Ian |
|
#8
| |||
| |||
| Use this link. http://www.techsupportforum.com/sect...eckard/dss.exe |
|
#9
| |||
| |||
| Hello, Sorry if it has been a while since I came back, but I have been away. I have now managed to do the scan and here is the result. Hope all this makes sense to you. Regards, IanA |